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INTHE CLAIMS 

Amended claims follow: 

1 . (Currently Amended) A method of executing a risk-assessment scan with a 
variable timeout duration which is set based on network conditions, 
comprising; 

measuring network conditions in a network coupled between a source and a 
target; 

executing a risk-assessment scan on the target from the source; and 
performing a risk-assessment scan-related timeout prior to making a 
determination that the target is. failing to respond to the risk-assessment scan; 
wherein the timeout includes a variable duration which is set as a function of 
the measured network conditions; 

wherein the risk-assessment scan is abandoned if the target fails to respond 
to the risk-assessment scan within the variable duration; 
wherein the timeout is set by adding a default value with a variable value 
which is set as a function of the measured network conditions; 
wherein the timeout is set bv the following algorithm: 

if Rmi, M i is < or > R^fanit bv flU^.it * PL 
then Tacmai = Tflflmii + Rnrf.ni * N: 
else Tprjimi TdBfiujh; and 
where: 

Rfcfenit^ default response duration. 
R«rti«ii « actual response duration, 

° default timeout value. 
T^-i ° actual timeout value. 
F =■ deviation factor, and 
N a normalizing factor . 
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2. (Original) The method as recited in claim 1, wherein the network conditions 
include latency associated with communication between the source and the 
target, 

3. (Original) The method as recited in claim 1, wherein measuring the network 
conditions includes transmitting a probe signal from the source to the target 
utilizing the network. 

4. (Original) The method as recited in claim 3, wherein the probe signal 
prompts the target to send a response signal to the source utilizing the 
network. 

5. (Original) The method as recited in claim 4, wherein measuring the network 
conditions further includes receiving the response signal from the target 
utilizing the network. 

6. (Original) The method as recited in claim 5 f wherein measuring the network 
conditions farther includes measuring a response duration between the 
transmission of the probe signal and the receipt of the response signal. 

7. (Original) The method as recited in claim 6, wherein the timeout is set as a 
function of the response duration. 

8. (Cancelled) 

9. (Cancelled) 

10. (Original) The method as recited in claim 1, wherein executing the risk- 
assessment scan includes executing a plurality of risk-assessment scan 
modules. 

1 1 . (Original) The method as recited in claim 1 0, wherein the timeout is 
performed for each of the risk-assessment scan modules. 
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12. (Original) The method as recited in claim 1 , and further comprising storing a 
result of the measurement of the network conditions. 

13. (Cancelled) 

1 4. (Currently Amended) A computer program product embodied on a computer 
readable medium for executing a risk-assessment scan with a variable 
timeout duration which is set based on network conditions, comprising: 

a) computer code for measuring network conditions in a network coupled 
between a source and a target; 

b) computer code for executing a risk-assessment scan on the target from the 
source; and 

c) computer code for performing a risk-assessment scan-related timeout prior to 
making a determination that the target is failing to respond to the risk- 
assessment scan; 

d) wherein the timeout includes a variable duration which is set as a function of 
the measured network conditions; 

e) wherein the risk-assessment scan is abandoned if the target fails to respond 
to the risk-assessment scan within the variable duration; 

wherein the timeout is set by adding a default value with a variable value 
which is set as a function of the measured network conditions; 
wherein the timeout is set by the following algorithm: 

if is < or > RA« m hv (R^ mt * F) 
then = T^..^ + R mm} * M; 
else Tpr^ = Td^u^; and 
where: 

Rd e fauh= default response duration^ 
Rrtetuai ~ actual response duration. 
Tdafm^ default timeout value* 
T fle p ffl| - actual timeout value, 
F = deviation factor and 
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N = normalizin g factor. 

1 5. (Original) The computer program product as recited in claim 1 4, wherein the 
network conditions include latency associated with communication between 
the source and the target. 

16. (Original) The computer program product as recited in claim 14, wherein 
measuring the network conditions includes transmitting a probe signal from 
the source to the target utilizing the network. 

17. (Original) The computer program product as recited in claim 16, wherein the 
probe signal prompts the target to send a response signal to the source 
utilizing the network. 

18. (Original) The computer program product as recited in claim 17, wherein 
measuring the network conditions further includes receiving the response 
signal from the target utilizing the network. 

1 9. (Original) The computer program product as recited in claim 1 8, wherein 
measuring the network conditions further includes measuring a response 
duration between the transmission of the probe signal and the receipt of the 
response signal, 

20. (Original) The computer program product as recited in claim 1 9 t wherein the 
timeout is set as a function of the response duration. 

21. (Cancelled) 

22. (Cancelled) 

23. (Original) The computer program product as recited in claim 14, wherein 
executing the risk-assessment scan includes executing a plurality of risk- 
assessment scan modules. 



PAGE 8/15 * RCVD AT 10/12/2005 5:33:26 PM [Eastern Daylight Time] * SVR;USPTO-EFXRF-6/27 * DNIS:27383D0 ' CSID:4089714660 ■ DURATION (mnws):03-02 



OCT. 1 2. 2005 2:44PM ZILKA-KOTAB, PC 



NO. 0515 P. 9 



-6- 

24. (Original) The computer program product as recited in claim 23, wherein the timeout is 
performed for each of the risk-assessment scan modules. 



25, (Original) The computer program product as recited in claim 14, and further comprising 
computer code for storing a result of the measurement of the network conditions. 



26. (Cancelled) 



(Original) The computer program product as recited in claim 14, wherein the network 
conditions are measured for a network segment, and the measured network conditions are 
used to set the timeout for a plurality of targets located on the network segment. 



28. (Currently Amended) A system embodied on a computer readable medium foT executing 
a risk-assessment scan with a variable timeout duration which is set based on network 
conditions, comprising: 

a) logic for measuring network conditions in a network coupled between a source and a 
target; 

b) logic for executing a risk-assessment scan on the target from the source; and 

c) logic for performing a risk-assessment scan-related timeout prior to making a 
determination that the target is failing to respond to the risk-assessment scan; 

d) wherein the timeout includes a variable duration which is set as a function of the 
measured network conditions; 

e) wherein the risk-assessment scan is abandoned if the target fails to respond to the risk- 
assessment scan within the variable duration; 

wherein the timeout is set by adding a default value with a variable value which is set as a 
function of the measured network conditions; 
wherein the timeout is set bv the following alg orithm: 



if Rnchw| is < or > R^ubv (R^. * F), 
then Tactual = Tflsfonir + Rflfr i«t * N; 
else T rrvn | = T^fa r ^: and 
where: 
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Rdfefa^- default response duration. 
Rartimi = actual response duration^ 
Tde%|r = default timeout value. 
TacmAi = actual timeout value. 
F - deviation f Saotor, and 
N = normalizing factor . 



29. (Currently Amended) A method of executing a risk-assessment scan with a variable 
timeout duration which is set based on network conditions, comprising: 

a) transmitting a probe signal from a source to a target utilizing a network, the probe signal 
prompting the target to send a response signal to the source utilizing the network; 

b) receiving the response signal from the target utilizing the network; 

c) measuring a response duration between the transmission of the probe signal and the 
receipt of the response signal; 

d) executing a risk-assessment scan including a plurality of risk-assessment scan modules; 

e) performing a risk-assessment scan-related timeout prior to making a determination that 
the target is failing to respond to each of the risk-assessment scan modules, wherein the 
timeout includes a variable duration which is set as a function of the response duration; 
and 

f) abandoning the risk-assessment scan modules if the target fails to respond to the risk- 
assessment scan modules within the variable duration 

wherein the timeout is set by adding a default value with a variable value which is set as a 
function of the measured network conditions; 
wherein the timeout is set by the following algorithm: 



if R^m is < or > R^ a , l!T bv ^ m * FY 
then T mnl = + R^^* N; 
else T pr mar = T rfft ftni t ; and 
where: 

Rwftfn»tt= default response duration. 
R^ f,! = actual response duration. 
Trfftfauh = default timeout value. 
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Tftfchii ^ actual timeout value. 
F = deviation factor, and 
N - normalizing factor . 



30. (Currently Amended) A computer program product embodied on a computer readable 
medium for executing a risk-assessment scan with a variable timeout duration which is 
set based on network conditions, comprising: 

a) computer code for transmitting a probe signal from a source to a target utilizing a 
network, the probe signal prompting the target to send a response signal to the source 
utilizing the network; 

b) computer code for receiving the response signal from the target utilizing the network; 

c) computer code for measuring a response duration between the transmission of the probe 
signal and the receipt of the response signal; 

d) computer code for executing a risk-assessment scan including a plurality of risk- 
assessment scan modules; 

e) computer code for performing a risk-assessment scan-related timeout prior to making a 
determination that the target is failing to respond to each of the risk-assessment scan 
modules, wherein the timeout includes a variable duration which is set as a function of 
the response duration; and 

f) computer code for abandoning the risk-assessment scan modules if the target fails to 
respond to the risk-assessment scan modules within the variable duration; 

wherein the timeout is set by adding a default value with a variable value which is set as a 
function of the measured network conditions^ 
wherein the time out is set bv the following algorithm: 



if R^..i is < or > Rj^.h hy fR 1ff ^ r * F), 
then Tarmai - T^fenit + R^ctim? * N; 
else T ftrttTni — T^ ffl U j t ; and 
where: 

Rdefau^ = default response duration. 
Rachel = actual response duration. 
Tffef^if = default timeout value, 
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Tactual - actual timeout vahie 1 
F = deviation factor and 
N = normalizing factor. 

(Previously Presented) A method of executing a risk-assessment scan with a variable 

timeout duration which is set based on network conditions, comprising: 

measuring network conditions in a network coupled between a source and a target; 

executing a risk-assessment scan on the target from the source; and 

performing a risk-assessment scan-related timeout prior to making a determination that 

the target is failing to respond to the risk-assessment scan; 

wherein the timeout includes a variable duration which is set as a function of the 

measured network conditions; 

wherein the risk-assessment scan is abandoned if the target fails to respond to the risk- 
assessment scan within the variable duration; 
wherein the timeout is set by the following algorithm; 

if Ractuai is < or > Rdcfeuitby (Rdcfeuii * F)> 
then Tacuai = Td c f auIt + R^uaJ * N; 
else Tactual — Tde&uu; and 
where: 

Rdefcuit = default response duration, 
Ractuai 35 actual response duration, 
Tdcfeuit^ default timeout value, 
Tacmai - actual timeout value, 
F ^ deviation factor, and 
N = normalizing factor. 

(Previously Presented) The method as recited in claim 1 , wherein the timeout is set 
utilizing a plurality of network condition probes that gather multiple network condition 
measurements on a single target 
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(Previously Presented) The method as recited in claim I, wherein the measured network 
conditions are measured for an entire network segment on which a plurality of target 
components is located. 

(Previously Presented) The method as recited in claim 1, wherein the source is capable of 
reducing a latency of the risk-assessment scan by setting the variable duration to a 
rninimal value, while avoiding the abandonment of vulnerable systems reachable over 
high latency networks by increasing the variable duration to accommodate such 
scenarios. 
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